webauthn – Page 6 – WindowsTechs.com

What are the benefits of using WebAuthn?

Posted on October 29, 2020 by D. Pardal

The Web Authentication API allows websites served via HTTPS to allow users to authenticate via asymmetric encryption. The procedure for login is basically the following:

Server sends a challenge (16 random bytes);
Client signs the challen… Continue reading What are the benefits of using WebAuthn?→

Store or protect a secret with a WebAuthn device

Posted on September 10, 2020 by Gaby

So I have this application with a web frontend where users can exchange data in an end-to-end encrypted fashion.
Those users each have a client-side generated RSA keypair. The public part is stored in the server’s database to be used when … Continue reading Store or protect a secret with a WebAuthn device→

WebAuthn – What am I missing?

Posted on August 2, 2020 by Chris

I’m trying to learn a bit about authentication and security protocols at a 10,000 foot level. I was reading about WebAuthn here: https://webauthn.guide/ and here:
https://webauthn.io/
I’m sure what I’m about to ask has obvious answers, bec… Continue reading WebAuthn – What am I missing?→

TikTok Privacy Concerns, macOS Ransomware, Bad Passwords

Posted on July 6, 2020 by Tom Eston

In episode 128 for July 6th 2020: In episode 128 for July 6th 2020: New TikTok privacy concerns, the rise of macOS ransomware, and details on new research about bad password choices. ** Links mentioned on the show ** Family Safety and Security with And… Continue reading TikTok Privacy Concerns, macOS Ransomware, Bad Passwords→

Firefox to tell you if sites are shortening your passwords

Posted on May 19, 2020 by John E Dunn

Mozilla is fixing a longstanding password problem to alert users when their password exceeds the maximum length allowed. Continue reading Firefox to tell you if sites are shortening your passwords→

The End of Passwords as We Know It

Posted on April 27, 2020 by Tom Eston

In episode 118 for April 27th 2020: A discussion about the end of passwords and what the future may hold with special guest Andrew Shikiar executive director of the FIDO Alliance. ** Show notes and links mentioned on the show ** Find out more about the… Continue reading The End of Passwords as We Know It→

Risks with OpenSSL verifying a signature with un-trusted PEM encoded public key

Posted on February 3, 2020 by Craig Francis

If a website user wants to use WebAuthn, they will start by creating a credential, where their authentication device provides a public key.

This key is encoded, and sent back to the server to store against their account.

Later, when the … Continue reading Risks with OpenSSL verifying a signature with un-trusted PEM encoded public key→

Google launches open-source security key project, OpenSK

Posted on February 3, 2020 by Danny Bradbury

OpenSK is a piece of firmware that you can install on a USB dongle of your own, turning it into a usable FIDO or U2F key. Continue reading Google launches open-source security key project, OpenSK→

WebAuthn Variation with non-connect dongle Authenticator

Posted on December 16, 2019 by mazecreator

As I read through the WebAuthn / FIDO2 documentation, it appears the authentication is done on the local device to create an attestation to the FIDO server. This future implies the “biometrics” or other Authenticator means m… Continue reading WebAuthn Variation with non-connect dongle Authenticator→

How to add a new webauthn key if the existing one isn’t portable

Posted on November 28, 2019 by Jonas Schwabe

Webauthn supports authentication or multi factor authentication with either hardware keys or authentication features that are built into the device used (Windows Hello, Android with a Fingerprint, …).

Given the case that a… Continue reading How to add a new webauthn key if the existing one isn’t portable→